But it ends well: at the hotel (my fav: Leonardo Boutique), the guy at the reception asked whether I was here for the first time. Not only was I not here for the first time, but I told him (the truth) that this is my favorite hotel. Guess who now has an upgraded panoramic view room? 😀

That guy is absolutely nuts. He laughed and made jokes the entire concert; at the beginning he said he loves our beer and our women and he’s pretty sure he’s going to get very drunk and dance naked on the scene.

Close to the end of the show he managed to snap his pants, so that all of us could see his underwear.

Lately I had the opportunity to work again with the VoIP team. Besides the fact that I remember the good old days when I was the stupidest member of the team and I super super enjoyed learning in a fast manner from my VoIP guru colleagues, I really enjoyed getting in touch again with this wonderful technology.

I am moving towards a managerial/sales position, but moments like this re-confirm to me that I am truly happy when I do 1000% super technical stuff. I love mathematics and cryptography and working with super technical people. I am just happy to do this.

Basically there are 3 crypto suites that can be used to encrypt the RTP payload:

AES_CM_128_HMAC_SHA1_80

AES_CM_128_HMAC_SHA1_32

AES_F8_128_HMAC_SHA1_80

These are the classic crypto suites, but an implementation may use variations of them. I wouldn’t say that you can define your own 3DES crypto suite for securing RTP packets, but at least you can use your own key length for authenticating the packets.

Encryption uses AES either in Counter Mode or in F8 mode. I never used F8, so I won’t talk about it right now 🙂

Authentication uses a hash-based message authentication code (HMAC), with SHA1 as the hash function.

And, as we all know, SHA1 produces an output of 160 bits.

The nice people from the IETF show us what the SRTP packet is supposed to look like:

In SDP (or otherwise via out-of-band methods), the sender and receiver exchange master keys in order to have a cryptographic base for encrypting the VoIP packets. The keys are series of bits and are not used directly for encryption. They are master keys from which each party derives the symmetric session keys used for the actual RTP encryption. Usually the master “key” that is exchanged between the parties also contains a salt value, used for randomization when the session keys are generated and also in re-keying. Although this value is not mandatory, it is strongly recommended, as it provides enough randomization to protect against off-line dictionary attacks on the session keys.

The optional MKI (Master Key Identifier) header has a configurable length (usually 4 bytes) and is used by the sender and receiver to identify the master key used for the current stream; this is also used in re-keying.

The authentication tag, or n_tag as it is called, contains the authentication data. It is a recommended field, used when the packet is also authenticated (not only encrypted). An RTP packet can be encrypted only (null authentication), authenticated only (null encryption), or both encrypted and authenticated (in which case the encryption is done before authentication). This n_tag contains the authentication data, providing protection against replay attacks.

SRTP itself has no way of specifying the key lifetime. This is either pre-configured on the RTP endpoints, or it is negotiated in the SDP header. This lifetime is specified (at least to my understanding) in terms of packets: how many packets the endpoint is supposed to encrypt using a particular session key before that key is no longer considered safe to use.
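How the 160-bit HMAC-SHA1 output becomes the 80-bit or 32-bit tag named in the suites, and how a receiver checks it, shown as an added example that is not code from the original post. It follows RFC 3711, where the tag covers the RTP header plus encrypted payload followed by the 32-bit rollover counter (ROC); the function names, key and packet bytes are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Tag length in bytes for each suite named above (_80 / _32 are bits).
TAG_LEN = {
    "AES_CM_128_HMAC_SHA1_80": 10,
    "AES_CM_128_HMAC_SHA1_32": 4,
    "AES_F8_128_HMAC_SHA1_80": 10,
}

def auth_tag(auth_key, auth_portion, roc, suite):
    """HMAC-SHA1 over auth_portion || ROC, cut to the suite's tag length."""
    mac = hmac.new(auth_key, auth_portion + struct.pack("!I", roc), hashlib.sha1)
    return mac.digest()[:TAG_LEN[suite]]  # leftmost bits of the 160-bit output

def split_packet(packet, suite, mki_len=0):
    """Return (authenticated portion, MKI, tag), reading from the packet's end."""
    n = TAG_LEN[suite]
    if len(packet) < 12 + mki_len + n:  # 12 = fixed RTP header
        raise ValueError("too short for RTP header + MKI + tag")
    end = len(packet) - mki_len - n
    return packet[:end], packet[end:end + mki_len], packet[end + mki_len:]

def verify(packet, auth_key, roc, suite, mki_len=0):
    """Recompute the tag and compare it in constant time."""
    portion, _mki, tag = split_packet(packet, suite, mki_len)
    return hmac.compare_digest(auth_tag(auth_key, portion, roc, suite), tag)

# Constructed sample: RTP header (V=2, PT=0, seq=1, ts=160, SSRC=0x1234)
# followed by stand-in "ciphertext"; key and payload are made-up values.
KEY = bytes(range(20))
HEADER = struct.pack("!BBHII", 0x80, 0, 1, 160, 0x1234)
BODY = HEADER + b"\xaa" * 20

def sample_packet(suite, roc=0, mki=b""):
    """Append the optional MKI and the tag; the MKI is not authenticated."""
    return BODY + mki + auth_tag(KEY, BODY, roc, suite)

if __name__ == "__main__":
    pkt = sample_packet("AES_CM_128_HMAC_SHA1_80", mki=b"\x00\x00\x00\x01")
    print(len(pkt), verify(pkt, KEY, 0, "AES_CM_128_HMAC_SHA1_80", mki_len=4))
```

The shorter 32-bit tag saves six bytes per packet at the cost of a much higher chance that a forged tag is accepted.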
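The master key, salt, lifetime and MKI length described above all travel in one SDP attribute when keys are exchanged with SDP security descriptions (RFC 4568). The parser below is an added example, not code from the original post; it assumes a 128-bit suite with a single inline key, and the sample line and its key bytes are constructed.

```python
import base64
import re

KEY_LEN, SALT_LEN = 16, 14  # AES_CM_128 suites: 128-bit key, 112-bit salt
LINE_RE = re.compile(r"a=crypto:(\d+) (\S+) inline:([^\s;]+)(?: .*)?")

def parse_crypto(line):
    """Parse one a=crypto line carrying a single inline master key."""
    m = LINE_RE.fullmatch(line.strip())
    if not m:
        raise ValueError("not an a=crypto line with one inline key")
    tag, suite, key_info = m.groups()
    key_salt, *options = key_info.split("|")
    raw = base64.b64decode(key_salt, validate=True)
    if len(raw) != KEY_LEN + SALT_LEN:
        raise ValueError("expected %d bytes of key||salt, got %d"
                         % (KEY_LEN + SALT_LEN, len(raw)))
    out = {"tag": int(tag), "suite": suite,
           "master_key": raw[:KEY_LEN], "master_salt": raw[KEY_LEN:],
           "lifetime_packets": None, "mki": None, "mki_len": 0}
    for opt in options:
        if ":" in opt:                      # MKI as value:length-in-bytes
            value, length = opt.split(":")
            out["mki"], out["mki_len"] = int(value), int(length)
        elif opt.startswith("2^"):          # lifetime as a power of two
            out["lifetime_packets"] = 2 ** int(opt[2:])
        else:                               # lifetime as a decimal count
            out["lifetime_packets"] = int(opt)
    return out

# Constructed sample: the key material is bytes 0..29, not a real key.
SAMPLE = ("a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:"
          + base64.b64encode(bytes(range(30))).decode() + "|2^20|1:4")

if __name__ == "__main__":
    info = parse_crypto(SAMPLE)
    print(info["suite"], info["lifetime_packets"], info["mki_len"])
```

The length check rejects an offer whose inline value is too short to contain the salt, which is the case the salt recommendation above is about.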

If we are to consider a call-control scenario, my SDP would look something like this:

Today was probably my best day ever in Israel! Nathan and his girlfriend, Mali, invited me over and taught me how to prepare Israeli food, like, the real stuff! Using original recipes from their family. Of course, Mali was the master, but she let Nathan have all the glory of teaching the alien how to cook 😛

I don’t yet have all the recipes in my head. Mali will translate them for me and send them over, along with the pictures I’ve taken of the production steps.

Basically, I’ve had a crash course, hands-on training on how to prepare shakshuka, tahini and 2 types of salad. They use a lot of interesting spice and garlic. Then they gave me vodka. I believe it is called Van Gogh, pretty interesting name for Vodka, huh? I only managed to taste 2 types of this Van Gogh, one tasted like pineapple, while the other one has an espresso taste. They were very good, but still too hot for me.

Pictures: when I get them from Mali. I made new friends and hopefully I didn’t scare them off with my too much talking.

Oh, the guys here took my Hebrew learning very seriously, so they are working hard on getting me up to date with the Hebrew slang. Off the top of my head:

What’s up, bro? = Manysh-ma ne-shama?

Oki, doki = Sababa

All is smooth (honey..) = Acol dvash.

Today I ordered my restaurant food on my own. And I finally learnt how to ask for water – you do remember I only learned how to ask for wine and beer.